Security threats affecting personal computer systems present an ever-expanding set of challenges. Although computer malware, such as worms, trojans and viruses, has been evolving since before personal computers became ubiquitous, the last decade has seen a particularly significant expansion in the variety, sophistication and deployment of malware.
Notably, one recent trend is the evolution of malware creators from mostly nuisance players to organized criminal organizations that deploy malware for financial gain. Some examples include stealing bank accounts, credit card databases, personal identity information, trade secret information, or the like. Certain malicious programs, known as ransomware, have been used to purposely interfere with the normal operation of a user's computer system while demanding that a ransom be paid, or supposed security software be purchased, to restore the normal operation.
There is an ongoing arms race being waged between malware creators and legitimate computer security companies. As security applications have evolved to keep pace with malware developments, so too have malware tools designed for overcoming the various protection techniques. Present-day malware programs oftentimes try to modify the kernel or the boot process of the operating system to obfuscate their existence in the computer system. These so-called rootkits or bootkits can be particularly difficult to counteract since security programs such as antivirus tools are application-level programs that run on top of the operating system and rely on the operating system's drivers, libraries, and other services, which may be compromised.
Recent advances in personal computer firmware, such as those promoted by the Unified Extensible Firmware Interface (UEFI) Forum, provide a secure program execution environment that operates independently of the operating system while providing a platform from which to run applications that utilize networking and other input/output facilities of the computer system. Various security-related solutions utilizing this type of advanced pre-OS firmware have been proposed, including ensuring the integrity of the installed operating system and other program code, and providing updates and failure recovery for the operating system and certain applications prior to operating system startup.
Although these advances certainly provide improvements in computer system security, particularly in protecting against attacks that seek to bypass the conventional security application programs, there are nonetheless practical limits on the extent of pre-OS bootup security functionality that can be provided. For instance, users will tend to become frustrated if the pre-OS bootup security functionality causes a significant slowdown in system startup.
There is a need for effective, yet efficient, security measures for pre-OS security services without unduly burdening the resources and time needed for operating system startup.